
4/20/2015
12:00 AM
Dark Reading
Products and Releases

Gurucul Protects Cloud Apps with Identity-based Threat Detection

Cloud Analytics Platform Detects Hijacked Accounts and Insider Abuse to Prevent Data Leakage and Compliance Violations

LOS ANGELES, April 16, 2015 – Gurucul, the identity-based threat detection and deterrence company, today announced a new addition to the Gurucul Risk Analytics (GRA) suite that protects cloud applications from insider and external attacks with user behavior analytics. The Gurucul Cloud Analytics Platform™ (CAP) detects insider access abuse and account hijacking by continuously monitoring activity against hundreds of attributes using machine-learning algorithms. This information is collected cloud-to-cloud using out-of-the-box connectors to most cloud applications, such as Salesforce, Office365, Box, Concur, and Workday. Gurucul CAP can alert organizations to anomalous behaviors, prevent data leakage, perform cloud application discovery, and provide continuous insight into cloud infrastructure access and activities.

The company will demonstrate Gurucul CAP at RSA Conference 2015 booth 2509 in the South Expo Hall.

Cloud applications and infrastructures pose even greater security challenges than their on-premise counterparts since organizations have limited visibility into and control over when and how cloud access is used. This increases the risk of data breaches, data loss, account hijacking, insider abuse and other threats associated with the use of shared technology.

“We have a new perimeter, and it lives in the Cloud. Cloud-based applications for critical business services introduce new risks and threats, which require innovative detection and mitigation techniques,” said Teri Takai, Chief Information Officer, Executive Vice President, Meridian Health Plan. “While some operational and infrastructure concerns are less relevant in the cloud, issues such as data breaches, data loss and malicious insiders are even more prevalent. Gurucul's CAP solution addresses this need by applying behavioral modeling techniques and advanced security analytics to the cloud.”

 Identity-based Security for the Cloud

Gurucul CAP treats cloud identities as a threat surface. CAP is based on the Gurucul Predictive Identity Based Behavior Anomaly Engine (PIBAE), which uses identity as the core and overlays activity, alerts, intelligence and access information, combined with machine-learning techniques and big data analytics, to provide predictive security analytics and zero-day risks. These machine-learning algorithms run against hundreds of attributes to determine baseline behavior for an identity and compare it against dynamically created peer groups to detect anomalous patterns. These patterns are matched against internal risk modeling algorithms to assert a risk score for an identity. This behavior modeling approach enables Gurucul to provide organizations with actionable risk intelligence and insight into their cloud infrastructure by identifying insider threats, compromised accounts and data leakage, and by assisting in investigation and forensics.

 Unlike other cloud security products that rely solely on log data from reverse proxy gateways, Gurucul’s user behavior analytics engine enables CAP to deliver the following benefits:

• 360 Degree View of Identity, Access, Activity, and Alerts for Cloud Applications - Correlate data across multiple cloud applications to create contextual identity: who the user is, what access they have, what activity they are performing, and associated alerts.

• Purpose Built to Instantly Identify Risky Behaviors - Self-training machine learning algorithms are tailored to identify anomalous behaviors immediately upon deploying the technology.

• Intelligent Access Analytics - Real-time analytics on accounts and access to identify anomalies and improve access control and data governance.

• Automated Self Audit - End user awareness with a customizable online view of their activity (similar to a bank or credit card statement) to identify anomalies and potential misuse of identities.

• Cloud Application Discovery - Insight into known / approved and unknown / unapproved access to cloud applications, providing detailed visibility of access, activities and risk profiles.

“Cloud applications are outside the reach of most enterprise security measures, yet all that is needed to compromise sensitive data is a username and password,” says Saryu Nayyar, CEO of Gurucul. “The Gurucul Cloud Analytics Platform continuously monitors identity-based activity within cloud applications using machine learning algorithms to predict and detect risky behaviors. Gurucul can recognize malicious activity by insiders or compromised accounts using this cloud user behavior analytics technology.”

 The Gurucul Cloud Analytics Platform is available immediately from Gurucul and its business partners worldwide.

 About Gurucul

Gurucul is changing the way enterprises protect themselves against threats inside their IT infrastructures from employees, third-party providers and external intruders. The company’s user behavior analytics technology uses machine learning and predictive anomaly detection algorithms to anticipate, identify and prevent breaches. Gurucul technology is used globally by organizations to detect insider fraud, IP theft, external attacks and more. The company is a Gartner Cool Vendor and CTR MVP Award winner. Gurucul is based in Los Angeles. To learn more, visit us at www.gurucul.com and follow Gurucul on LinkedIn, Facebook and Twitter (@Gurucul).

 

 
